Fibre tapping attacks are a real threat in optical networks. The tap consists, for example, of bending the fibre to the point that it leaks light, enabling an attacker to gain access to communications traffic being carried by optical channels propagating through the fibre. When a successful tap is made, packet-sniffer software can be used to filter through the packet headers of the traffic. This means that specified IP addresses, MAC addresses or DNS information can be gathered from the tapped traffic. If an attacker is successful in using an unobtrusive method to retrieve traffic directly from the fibre optic cable, then the attacker does not need access to a network in order to access the communications traffic being sent across it. Encryption techniques can improve the security of the traffic but encryption can be broken.
Fibre tapping techniques may be hard to detect, since the loss introduced by the tapping device may be so low that network management and monitoring systems are unable to identify the attack. In some cases, attackers cut the fibre at a given point so that the network operator detects a link failure. While the operator goes into the field to repair the fibre cut, the attacker applies a fibre tap some kilometers away from the fibre cut point. By operating during this network maintenance period, when the fibre is under repair, an attacker can avoid a network monitoring system detecting the optical power transient that typically occurs when a fibre tap is inserted. After the fibre repair is complete, it is impossible to detect whether a tap has been inserted because the effect of the tap on the quality of the optical signal is very limited and could easily be confused with the effect of a patch used to repair the cut fibre. Other fibre tapping methods are also used, including the permanent installation of optical splitters on an optical fibre to enable continuous eavesdropping. This technique can easily be used along hundreds of kilometers of unmonitored and unwatched optical network cable.
The most obvious way to protect optical fibre cables from this type of attack is to prevent physical access to them. However, there are millions of kilometers of optical fibre cables spanning the globe, and it is not possible to protect optical fibre cables out in the field in the way in which the central offices of communication networks are protected.
Current solutions to the problem of fibre tapping attacks are either based on protection at higher network layers, specifically cryptography and steganography, or on the use of complex, expensive and not very reliable network monitoring infrastructures, such as a combination of embedded optical time domain reflectometry (OTDR), vibration monitoring systems, and optical network parameter monitoring. US2010/119225 discloses a transceiver card for providing secure optical transmission over optical fibre. The transceiver card comprises an optical time domain reflectometer connected to the receiver side of the card, upstream from the receiver. Cryptography may be used to protect communications traffic content but not to prevent access to the traffic. A malicious attacker with access to encrypted data can, if motivated and with a suitable amount of money and time, successfully break the encryption. The methods based on monitoring systems to detect malicious intrusion on an optical link are very expensive, cannot react to fast transients in optical signal power, and are prone both to false alarms and to alarms failing to go off: a threshold set too high can fail to detect an attack, while a threshold set too low will generate many false alarms as a consequence of changes in fibre parameters due to normal ageing, stress, faults, etc.
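The threshold trade-off described above can be made concrete with a small simulation. This is an added example, not part of the original text: it runs a fixed loss-threshold monitor over a constructed year of received-power readings, and every figure in it (baseline power, ageing rate, tap loss, tap day) is an assumption chosen for illustration.

```python
"""Fixed-threshold loss monitoring on a constructed received-power trace."""

# All values are constructed for illustration, in milli-dB / milli-dBm
# so that the arithmetic is exact integer arithmetic.
BASELINE_MDBM = -12000      # received power recorded at commissioning
AGEING_MDB_PER_DAY = 4      # slow loss growth from normal ageing and stress
TAP_LOSS_MDB = 300          # small step loss added by a tap
TAP_DAY = 200               # day on which the tap is inserted
DAYS = 365

def build_trace(with_tap):
    """Daily received power: baseline minus ageing drift, minus tap loss from TAP_DAY."""
    trace = []
    for day in range(DAYS):
        loss = AGEING_MDB_PER_DAY * day
        if with_tap and day >= TAP_DAY:
            loss += TAP_LOSS_MDB
        trace.append(BASELINE_MDBM - loss)
    return trace

def first_alarm(trace, threshold_mdb):
    """First day on which loss against the commissioning baseline exceeds the threshold."""
    for day, power in enumerate(trace):
        if BASELINE_MDBM - power > threshold_mdb:
            return day
    return None

def evaluate(threshold_mdb):
    """Run the same monitor on an untapped and a tapped link."""
    return {
        "false_alarm_day": first_alarm(build_trace(False), threshold_mdb),
        "alarm_day_with_tap": first_alarm(build_trace(True), threshold_mdb),
    }

if __name__ == "__main__":
    for threshold in (500, 1000, 1500, 2000):
        print(threshold, evaluate(threshold))
```

With these constructed values, any threshold low enough to alarm on the day the tap is inserted also alarms on the untapped link within the year, while a threshold high enough to stay quiet on ageing alone either reports the tap months late or never reports it.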